routing verification as a service rvaas
play

Routing-Verification-as-a-Service (RVaaS) Trustworthy Routing - PowerPoint PPT Presentation

Sep 28, 2023 •346 likes •554 views

Routing-Verification-as-a-Service (RVaaS) Trustworthy Routing Despite Insecure Providers Liron Schiff Kashyap Thimmaraju Stefan Schmid Tel Aviv University, IL TU Berlin, DE Aalborg University, DK June 28, 2016 Liron, Kashyap, Stefan

  1. Routing-Verification-as-a-Service (RVaaS) Trustworthy Routing Despite Insecure Providers Liron Schiff Kashyap Thimmaraju Stefan Schmid Tel Aviv University, IL TU Berlin, DE Aalborg University, DK June 28, 2016 Liron, Kashyap, Stefan Routing-Verification-as-a-Service (RVaaS) June 28, 2016 1 / 20

  2. Trustworthy Routing At least a trustworthy Provider Deutsche Telekom - https://goo.gl/9QdFBR Liron, Kashyap, Stefan Routing-Verification-as-a-Service (RVaaS) June 28, 2016 2 / 20

  3. Trustworthy Routing Not all Providers offer that unfortunately New Scientist - https://goo.gl/b4x78q Liron, Kashyap, Stefan Routing-Verification-as-a-Service (RVaaS) June 28, 2016 3 / 20

  4. Make the Provider more trustworthy Trustworthy routing? Give the Users visibility Visibility to connectivity Visibility to routes Visibility to performance Liron, Kashyap, Stefan Routing-Verification-as-a-Service (RVaaS) June 28, 2016 4 / 20

  5. Make the Provider more trustworthy Trustworthy routing? Give the Provider confidentiality Keep the physical topology confidential Keep the network behaviour confidential Keep the Users data confidential Liron, Kashyap, Stefan Routing-Verification-as-a-Service (RVaaS) June 28, 2016 5 / 20

  6. The Internet and Us Implicit trust in the Provider’s routing Web Server 5.6.7.8 ISP B ISP C ISP A ISP D Client 1.2.3.4 Liron, Kashyap, Stefan Routing-Verification-as-a-Service (RVaaS) June 28, 2016 6 / 20

  7. Traceroute: Visbility in the Internet and into your Provider traceroute to www.google.com (216.58.213.228), 1 192.168.0.1 3.057 ms 3.045 ms 3.387 ms 2 83.169.183.46 16.876 ms 19.954 ms 21.451 ms 3 88.134.234.89 21.436 ms 21.101 ms 21.421 ms 4 88.134.235.10 32.163 ms 33.150 ms 5 88.134.202.25 31.163 ms 38.290 ms 38.282 ms 6 72.14.198.218 38.241 ms 34.813 ms 34.785 ms 7 209.85.249.134 34.759 ms 24.141 ms 21.078 ms 8 209.85.253.241 30.762 ms 30.367 ms 30.367 ms 9 216.58.213.228 17.861 ms 21.913 ms 23.298 ms Liron, Kashyap, Stefan Routing-Verification-as-a-Service (RVaaS) June 28, 2016 7 / 20

  8. SDN: Centralized Visibility and Control Is this the elixir for networking? Control- plane OpenFlow Data-plane An overview of what SDN offers: Granular visibility, Policing, (Re)Configuration, etc.. Liron, Kashyap, Stefan Routing-Verification-as-a-Service (RVaaS) June 28, 2016 8 / 20

  9. Outline Introduction Threat Model RVaaS Conclusion Liron, Kashyap, Stefan Routing-Verification-as-a-Service (RVaaS) June 28, 2016 9 / 20

  10. SDN: A compromized control plane Bob 5.6.7.8 Provider C Eve 6.6.6.6 Provider A Provider D Alice 1.2.3.4 A compromised control plane in Provider A can MITM Alice’s traffic to Eve Liron, Kashyap, Stefan Routing-Verification-as-a-Service (RVaaS) June 28, 2016 10 / 20

  11. The Threat Model The Clients/Users: Trusted or untrusted. The Provider: Physical Infrastructure: Trusted. Control plane: Untrusted. Data plane: Trusted. Liron, Kashyap, Stefan Routing-Verification-as-a-Service (RVaaS) June 28, 2016 11 / 20

  12. RVaaS Trustworthy routing Routing-Verification-as-a-Service Verifiable routing properties Confidentiality Low resource requirements Network Management RVaaS Provider A Liron, Kashyap, Stefan Routing-Verification-as-a-Service (RVaaS) June 28, 2016 12 / 20

  13. RVaaS Components Configuration Monitoring: Active/Passive Logical Verification: Header Space Analysis, Emulation In-band Test and Client Interaction: Packet-In, Packet-Out Liron, Kashyap, Stefan Routing-Verification-as-a-Service (RVaaS) June 28, 2016 13 / 20

  14. RVaaS What can RVaaS do? Client A can reach ISP B and ISP C. Which destinations can I reach? RvaaS Provider B Client A Provider A Provider C Liron, Kashyap, Stefan Routing-Verification-as-a-Service (RVaaS) June 28, 2016 14 / 20

  15. RVaaS Who would use RVaaS? ISPs Public cloud providers Private cloud providers Anybody who wants to keep track of their dataplane Liron, Kashyap, Stefan Routing-Verification-as-a-Service (RVaaS) June 28, 2016 15 / 20

  16. RVaaS Why use RVaaS? Network visibility Enhance Provider and Client relationship Verfication as a service Isolation checks Geo-location checks Fairness checks Routing/Forwarding table checks Liron, Kashyap, Stefan Routing-Verification-as-a-Service (RVaaS) June 28, 2016 16 / 20

  17. RVaaS in action RvaaS controller OpenFlow OpenFlow Packet Packet Out In 3 2 3 Integrity request packet 4 1 Auth A request A 4 packet B B A B Liron, Kashyap, Stefan Routing-Verification-as-a-Service (RVaaS) June 28, 2016 17 / 20

  18. RVaaS in action RvaaS controller OpenFlow OpenFlow Packet Packet In Out 2 3 Integrity 2 reply packet 4 1 Auth A A reply 1 packet B B A B Liron, Kashyap, Stefan Routing-Verification-as-a-Service (RVaaS) June 28, 2016 18 / 20

  19. Conclusion We lack visibility into our Providers network and the Internet SDN offers excellent visibility into the network RVaaS leverages SDN to deliver routing verification to Clients and Providers Liron, Kashyap, Stefan Routing-Verification-as-a-Service (RVaaS) June 28, 2016 19 / 20

  20. Questions? Liron, Kashyap, Stefan Routing-Verification-as-a-Service (RVaaS) June 28, 2016 20 / 20

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Welcome! Asset Verification Service (AVS) The purpose of AVS is to automate verification of

Welcome! Asset Verification Service (AVS) The purpose of AVS is to automate verification of

Welcome! Asset Verification Service (AVS) The purpose of AVS is to automate verification of assets for initial and re-determinations for OSIP-M consumers without SSI. Asset Verification Service Kick-Off 11/8/18 Introduce Project Team

253 views • 14 slides
Welcome! Asset Verification Service (AVS) The purpose of AVS is to automate verification of

Welcome! Asset Verification Service (AVS) The purpose of AVS is to automate verification of

Welcome! Asset Verification Service (AVS) The purpose of AVS is to automate verification of assets for initial and re-determinations for OSIP-M consumers without SSI. Reminder: Please turn up your volume! Asset Verification Service

244 views • 9 slides
Welcome! Asset Verification Service (AVS) The purpose of AVS is to automate verification of

Welcome! Asset Verification Service (AVS) The purpose of AVS is to automate verification of

Welcome! Asset Verification Service (AVS) The purpose of AVS is to automate verification of assets for initial and re-determinations for OSIP-M consumers without SSI. Reminder: Please turn up your volume! AVS Project Update 12/27/2018 AVS

245 views • 8 slides
PCEP Extensions for Service Segment Support in Segment Routing

PCEP Extensions for Service Segment Support in Segment Routing

PCEP Extensions for Service Segment Support in Segment Routing draft-dw-pce-service-segment-routing-00 Qin Wu(bill.wu@huawei.com) Dhruv Dhody (dhruv.ietf@gmail.com ) PCEP Extensions for Service Segment support Objective allow a stateful

380 views • 5 slides
Objectives Design rules Floorplan Routing Physical layout verification

Objectives Design rules Floorplan Routing Physical layout verification

Objectives Design rules Floorplan Routing Physical layout verification Clock network Power network Engineering changing order Package After completing logic/circuit design, the next phase in ASIC design flow

1.03k views • 92 slides
DIVS DL/ID Verification Systems Verification of Legal Status DIVS Passport Verification

DIVS DL/ID Verification Systems Verification of Legal Status DIVS Passport Verification

DIVS DL/ID Verification Systems Verification of Legal Status DIVS Passport Verification Projects Birth Record Verification State to State Verification DIVS State to State Verification Service (S2S) Program Benefits Mission

349 views • 8 slides
routing.openstreetmap.de Michael Spreng State of the Map Milano July 29, 2018 What is

routing.openstreetmap.de Michael Spreng State of the Map Milano July 29, 2018 What is

routing.openstreetmap.de Michael Spreng State of the Map Milano July 29, 2018 What is routing.openstreetmap.de? Routing service on OpenStreetMap data Supports pedestrian, cyclist and car routing Why? All routing servers on openstreetmap.org

115 views • 8 slides
4.3 Routing protocols We first look at Routing Tables and routing mechanisms. A routing table has

4.3 Routing protocols We first look at Routing Tables and routing mechanisms. A routing table has

4.3 Routing protocols We first look at Routing Tables and routing mechanisms. A routing table has columns for the destination network (or hosts) with the corresponding cost and the next router address to reach a destination. Additional

1.08k views • 84 slides
Landmark Landmark-based routing based routing Landmark Landmark-based routing based routing

Landmark Landmark-based routing based routing Landmark Landmark-based routing based routing

Landmark Landmark-based routing based routing Landmark Landmark-based routing based routing [Kleinberg04] J. Kleinberg, A. Slivkins, T. Wexler. Triangulation and Embedding using Small Sets of Beacons. Proc. 45th IEEE Symposium on Foundations of

450 views • 32 slides
Scalable Routing Outline Routing Algorithms Scalability 1 Overview Forwarding vs Routing

Scalable Routing Outline Routing Algorithms Scalability 1 Overview Forwarding vs Routing

Scalable Routing Outline Routing Algorithms Scalability 1 Overview Forwarding vs Routing forwarding: to select an output port based on destination address and routing table routing: process by which routing table is built

543 views • 13 slides
1 Routing Table Routing Table Destination network Next router

1 Routing Table Routing Table Destination network Next router

Lecture 12. Lecture 12. Introduction to Introduction to IP Routing IP Routing Giuseppe Bianchi Why introduction? Why introduction? Routing: very complex issue need in-depth study entire books on routing our scope: give a

552 views • 19 slides
Routing Introduction Direct vs. Indirect Delivery Static vs. Dynamic Routing Distance Vector vs.

Routing Introduction Direct vs. Indirect Delivery Static vs. Dynamic Routing Distance Vector vs.

Routing Introduction Direct vs. Indirect Delivery Static vs. Dynamic Routing Distance Vector vs. Link State (C) Herbert Haas 2005/03/11 IP Datagram Service IP Host IP Router Destination Next Hop A R1 B R4 C R3 R1 R2 R3 .....

529 views • 37 slides
Interplay between routing and forwarding routing algorithm Routing Algorithms and Routing local

Interplay between routing and forwarding routing algorithm Routing Algorithms and Routing local

Interplay between routing and forwarding routing algorithm Routing Algorithms and Routing local forwarding table header value output link in the Internet 0100 3 0101 2 0111 2 1001 1 value in arriving packets header 1 0111 2 3

403 views • 8 slides
Ad Hoc Wireless Routing CS 218- Fall 2003 Wireless multihop routing challenges Review of

Ad Hoc Wireless Routing CS 218- Fall 2003 Wireless multihop routing challenges Review of

Ad Hoc Wireless Routing CS 218- Fall 2003 Wireless multihop routing challenges Review of conventional routing schemes Proactive wireless routing Hierarchical routing Reactive (on demand) wireless routing Geographic routing

893 views • 60 slides
Multi-Valued Verification 7 th International Verification Methods Workshop VKU Forum, Berlin Tim

Multi-Valued Verification 7 th International Verification Methods Workshop VKU Forum, Berlin Tim

Multi-Valued Verification 7 th International Verification Methods Workshop VKU Forum, Berlin Tim Bullock & Nelson Shum Meteorological Service of Canada (MSC) 2017-05-09 Contents The Case for Multi-valued Verification (MVV)

278 views • 23 slides
Routing Algebras What are routing algebras? Created to study properties of routing protocols

Routing Algebras What are routing algebras? Created to study properties of routing protocols

Routing Algebras What are routing algebras? Created to study properties of routing protocols Does the routing protocol converge? Does the routing protocol compute optimal paths? Separates the routing data & algorithm Data

326 views • 11 slides
Data types, arrays, pointer, memory storage classes, function call Jan Faigl Department of

Data types, arrays, pointer, memory storage classes, function call Jan Faigl Department of

Data types, arrays, pointer, memory storage classes, function call Jan Faigl Department of Computer Science Faculty of Electrical Engineering Czech Technical University in Prague Lecture 03 B3B36PRG C Programming Language Jan Faigl, 2020

1.14k views • 64 slides
Network Administration Alessandro Barenghi Dipartimento di Elettronica, Informazione e

Network Administration Alessandro Barenghi Dipartimento di Elettronica, Informazione e

Intro Network stack, brutalized Network Administration Firewalling S/DNAT Network Administration Alessandro Barenghi Dipartimento di Elettronica, Informazione e Bioingegneria Politecnico di Milano barenghi - at - elet.polimi.it April 9,

628 views • 38 slides
CSN09101 Networked Services Week 8: Essential Apache Week 8: Essential Apache Module Leader: Dr

CSN09101 Networked Services Week 8: Essential Apache Week 8: Essential Apache Module Leader: Dr

CSN09101 Networked Services Week 8: Essential Apache Week 8: Essential Apache Module Leader: Dr Gordon Russell Lecturers: G. Russell This lecture Configuring Apache Mod_rewrite Discussions Configuring Apache Apache

624 views • 48 slides
solution for rural and remote health care Aidan dan Hobbs bbs Business Lead Outreach

solution for rural and remote health care Aidan dan Hobbs bbs Business Lead Outreach

An integrated planning solution for rural and remote health care Aidan dan Hobbs bbs Business Lead Outreach CheckUP Australia Outr Ou treach each Ov Overvie view Rural al Health Outreach ach Fund (RHOF) OF) 1. 1. Medical l

507 views • 25 slides
BUS Electronic Computers M Some drawings are from the Intel book

BUS Electronic Computers M Some drawings are from the Intel book

BUS Electronic Computers M Some drawings are from the Intel book Weaving_High_Performance_Multiprocessor_Fabric 1 Traditional bus Main Interfaces Memory Processor CPU Program Transit ALU Network and status Registers Registers

870 views • 51 slides
Introductions/Updates Richard Hancock Director of Childrens Services Tamesides Early Help

Introductions/Updates Richard Hancock Director of Childrens Services Tamesides Early Help

Introductions/Updates Richard Hancock Director of Childrens Services Tamesides Early Help Offer December 2019 Lorraine Hopkins Head of Service THE EARLY HELP ACCESS POINT Early Help Access Point was launched in March 2019, it has

1.09k views • 76 slides
Upcoming Assignments CS 4100: Artificial Intelligence Due Tue 10 Sep at 11:59pm (today)

Upcoming Assignments CS 4100: Artificial Intelligence Due Tue 10 Sep at 11:59pm (today)

Upcoming Assignments CS 4100: Artificial Intelligence Due Tue 10 Sep at 11:59pm (today) Search Pr Project 0: Python Tutorial Homework k 0: Math Self-diagnostic 0 points in class, but important to check your preparedness Due Fri

348 views • 7 slides
Regulator conducts stress tests for a bank over two periods Prior to the test, in each period,

Regulator conducts stress tests for a bank over two periods Prior to the test, in each period,

Regulator conducts stress tests for a bank over two periods Prior to the test, in each period, bank can make risky or safe loans Risky loans turn out to be good or bad , which is revealed in the course of the stress test Following

624 views • 9 slides

More recommend